Disaster recovery plan
_ is defined by the Committee on National Security Systems (CNSS) as the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
Contingency Plan
A _ deals with the preparation for and recovery from a disaster, whether natural or man-made.
Mitigation: Reduce the impact should the vulnerability be exploited
Acceptance: Understand the consequences and accept the risk without controls or mitigation
A(n) _ is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations.
Transference: Transfer the risk to other areas or to outside entities
Avoidance: Apply safeguards that eliminate or reduce the remaining uncontrolled risks
False
Once the project team for information security development creates a ranked vulnerability worksheet, the team must choose one of four basic strategies to control each of the risks that result from these vulnerabilities.
Risk Management
The vision of an organization is a written statement of an organization's purpose.
Confidentiality
_ is the process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of all the components in the organization's information system.
Availability
Information has the characteristic of _ when disclosure or exposure to unauthorized individuals or systems is prevented.
Optionally, policy management software to manage creation, revision, and dissemination of policy
_ ensures that only those with the rights and privileges to access information are able to do so.
Mechanism for revision recommendations to be made (preferably anonymously)
Schedule of reviews to ensure currency and accuracy
Intellectual Properties
What are some of the key elements that a security policy should have in order to remain viable?
Security policies must contain:
What is the difference between access control lists and configuration rules?
Access control lists - define rights and privileges of a particular user to a particular system
Configuration rules - specific configuration codes entered into security systems
_ is defined as "the ownership of ideas and control over the tangible or virtual representation of those ideas".